Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mpdcon.app-1.1.99/AppController.h
Examining data/mpdcon.app-1.1.99/BoldCell.h
Examining data/mpdcon.app-1.1.99/BoldFormatter.h
Examining data/mpdcon.app-1.1.99/CollectionController.h
Examining data/mpdcon.app-1.1.99/CrossfadeController.h
Examining data/mpdcon.app-1.1.99/MPDController.h
Examining data/mpdcon.app-1.1.99/NormalFormatter.h
Examining data/mpdcon.app-1.1.99/OwnTableView.h
Examining data/mpdcon.app-1.1.99/PlayView.h
Examining data/mpdcon.app-1.1.99/PlaylistController.h
Examining data/mpdcon.app-1.1.99/PlaylistItem.h
Examining data/mpdcon.app-1.1.99/PlaylistsManagerController.h
Examining data/mpdcon.app-1.1.99/PreferencesController.h
Examining data/mpdcon.app-1.1.99/StatisticsController.h
Examining data/mpdcon.app-1.1.99/StatisticsItem.h
Examining data/mpdcon.app-1.1.99/Strings.h
Examining data/mpdcon.app-1.1.99/libmpdclient.c
Examining data/mpdcon.app-1.1.99/libmpdclient.h

FINAL RESULTS:

data/mpdcon.app-1.1.99/libmpdclient.c:259:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(connection->buffer,rt+1);

data/mpdcon.app-1.1.99/libmpdclient.c:489:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(connection->errorStr, output);

data/mpdcon.app-1.1.99/libmpdclient.c:1061:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(string,"listall \"%s\"\n",sDir);

data/mpdcon.app-1.1.99/libmpdclient.c:1070:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(string,"listallinfo \"%s\"\n",sDir);

data/mpdcon.app-1.1.99/libmpdclient.c:1079:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(string,"lsinfo \"%s\"\n",sDir);

data/mpdcon.app-1.1.99/libmpdclient.c:1105:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(string,"search %s \"%s\"\n",st,sanitStr);

data/mpdcon.app-1.1.99/libmpdclient.c:1126:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(string,"find %s \"%s\"\n",st,sanitStr);

data/mpdcon.app-1.1.99/libmpdclient.c:1147:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(string,"list %s \"%s\"\n",st,sanitArg1);

data/mpdcon.app-1.1.99/libmpdclient.c:1152:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(string,"list %s\n",st);

data/mpdcon.app-1.1.99/libmpdclient.c:1161:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(string,"add \"%s\"\n",sFile);

data/mpdcon.app-1.1.99/libmpdclient.c:1184:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(string,"save \"%s\"\n",sName);

data/mpdcon.app-1.1.99/libmpdclient.c:1193:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(string,"load \"%s\"\n",sName);

data/mpdcon.app-1.1.99/libmpdclient.c:1202:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(string,"rm \"%s\"\n",sName);

data/mpdcon.app-1.1.99/libmpdclient.c:1290:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(string,"update \"%s\"\n",sPath);

data/mpdcon.app-1.1.99/libmpdclient.c:1351:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(string,"password \"%s\"\n",sPass);

data/mpdcon.app-1.1.99/libmpdclient.h:146:6:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  int random;

data/mpdcon.app-1.1.99/libmpdclient.c:161:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)&sin.sin_addr.s_addr,(char *)he->h_addr,

data/mpdcon.app-1.1.99/libmpdclient.c:169:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,"no IPv6 suuport but a "

data/mpdcon.app-1.1.99/libmpdclient.c:174:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)&sin6.sin6_addr.s6_addr,(char *)he->h_addr,

data/mpdcon.app-1.1.99/libmpdclient.c:181:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,"address type is not IPv4 or "

data/mpdcon.app-1.1.99/libmpdclient.c:189:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,"problems creating socket");

data/mpdcon.app-1.1.99/libmpdclient.c:273:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char * version[3];

data/mpdcon.app-1.1.99/libmpdclient.c:333:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,"not done processing current command");

data/mpdcon.app-1.1.99/libmpdclient.c:397:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,"already done processing current command");

data/mpdcon.app-1.1.99/libmpdclient.c:416:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,"buffer overrun");

data/mpdcon.app-1.1.99/libmpdclient.c:436:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,"connection"

data/mpdcon.app-1.1.99/libmpdclient.c:448:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,"connection timeout");

data/mpdcon.app-1.1.99/libmpdclient.c:462:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr, "expected more list_OK's");

data/mpdcon.app-1.1.99/libmpdclient.c:473:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,

data/mpdcon.app-1.1.99/libmpdclient.c:591:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status->volume = atoi(re->value);

data/mpdcon.app-1.1.99/libmpdclient.c:594:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status->repeat = atoi(re->value);

data/mpdcon.app-1.1.99/libmpdclient.c:597:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status->random = atoi(re->value);

data/mpdcon.app-1.1.99/libmpdclient.c:603:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status->playlistLength = atoi(re->value);

data/mpdcon.app-1.1.99/libmpdclient.c:606:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status->bitRate = atoi(re->value);

data/mpdcon.app-1.1.99/libmpdclient.c:623:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status->song = atoi(re->value);

data/mpdcon.app-1.1.99/libmpdclient.c:626:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status->songid = atoi(re->value);

data/mpdcon.app-1.1.99/libmpdclient.c:635:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status->elapsedTime = atoi(temp);

data/mpdcon.app-1.1.99/libmpdclient.c:637:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(temp) status->totalTime = atoi(temp);

data/mpdcon.app-1.1.99/libmpdclient.c:645:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status->crossfade = atoi(re->value);

data/mpdcon.app-1.1.99/libmpdclient.c:648:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status->updatingDb = atoi(re->value);

data/mpdcon.app-1.1.99/libmpdclient.c:657:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status->sampleRate = atoi(temp);

data/mpdcon.app-1.1.99/libmpdclient.c:660:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status->bits = atoi(temp);

data/mpdcon.app-1.1.99/libmpdclient.c:662:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(temp) status->channels = atoi(temp);

data/mpdcon.app-1.1.99/libmpdclient.c:680:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,"state not found");

data/mpdcon.app-1.1.99/libmpdclient.c:729:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  stats->numberOfArtists = atoi(re->value);

data/mpdcon.app-1.1.99/libmpdclient.c:732:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  stats->numberOfAlbums = atoi(re->value);

data/mpdcon.app-1.1.99/libmpdclient.c:735:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  stats->numberOfSongs = atoi(re->value);

data/mpdcon.app-1.1.99/libmpdclient.c:949:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,"problem parsing song info");

data/mpdcon.app-1.1.99/libmpdclient.c:987:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  entity->info.song->time = atoi(re->value);

data/mpdcon.app-1.1.99/libmpdclient.c:991:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  entity->info.song->pos = atoi(re->value);

data/mpdcon.app-1.1.99/libmpdclient.c:995:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  entity->info.song->id = atoi(re->value);

data/mpdcon.app-1.1.99/libmpdclient.c:1039:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string,"playlistinfo \"%i\"\n",songPos);

data/mpdcon.app-1.1.99/libmpdclient.c:1046:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string, "playlistid \"%i\"\n", id);

data/mpdcon.app-1.1.99/libmpdclient.c:1053:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string,"plchanges \"%lld\"\n",playlist);

data/mpdcon.app-1.1.99/libmpdclient.c:1092:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char st[10];

data/mpdcon.app-1.1.99/libmpdclient.c:1095:32:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if(table == MPD_TABLE_ARTIST) strcpy(st,"artist");

data/mpdcon.app-1.1.99/libmpdclient.c:1096:36:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  else if(table == MPD_TABLE_ALBUM) strcpy(st,"album");

data/mpdcon.app-1.1.99/libmpdclient.c:1097:36:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  else if(table == MPD_TABLE_TITLE) strcpy(st,"title");

data/mpdcon.app-1.1.99/libmpdclient.c:1098:39:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  else if(table == MPD_TABLE_FILENAME) strcpy(st,"filename");

data/mpdcon.app-1.1.99/libmpdclient.c:1101:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,"unknown table for search");

data/mpdcon.app-1.1.99/libmpdclient.c:1114:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char st[10];

data/mpdcon.app-1.1.99/libmpdclient.c:1117:32:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if(table == MPD_TABLE_ARTIST) strcpy(st,"artist");

data/mpdcon.app-1.1.99/libmpdclient.c:1118:36:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  else if(table == MPD_TABLE_ALBUM) strcpy(st,"album");

data/mpdcon.app-1.1.99/libmpdclient.c:1119:36:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  else if(table == MPD_TABLE_TITLE) strcpy(st,"title");

data/mpdcon.app-1.1.99/libmpdclient.c:1122:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,"unknown table for find");

data/mpdcon.app-1.1.99/libmpdclient.c:1135:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char st[10];

data/mpdcon.app-1.1.99/libmpdclient.c:1137:32:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if(table == MPD_TABLE_ARTIST) strcpy(st,"artist");

data/mpdcon.app-1.1.99/libmpdclient.c:1138:36:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  else if(table == MPD_TABLE_ALBUM) strcpy(st,"album");

data/mpdcon.app-1.1.99/libmpdclient.c:1141:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,"unknown table for list");

data/mpdcon.app-1.1.99/libmpdclient.c:1169:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string,"delete \"%i\"\n",songPos);

data/mpdcon.app-1.1.99/libmpdclient.c:1176:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string, "deleteid \"%i\"\n", id);

data/mpdcon.app-1.1.99/libmpdclient.c:1218:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string,"play \"%i\"\n",songPos);

data/mpdcon.app-1.1.99/libmpdclient.c:1225:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string,"playid \"%i\"\n",id);

data/mpdcon.app-1.1.99/libmpdclient.c:1236:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string,"pause \"%i\"\n",pauseMode);

data/mpdcon.app-1.1.99/libmpdclient.c:1247:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string,"move \"%i\" \"%i\"\n",from,to);

data/mpdcon.app-1.1.99/libmpdclient.c:1254:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string, "moveid \"%i\" \"%i\"\n", id, to);

data/mpdcon.app-1.1.99/libmpdclient.c:1261:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string,"swap \"%i\" \"%i\"\n",song1,song2);

data/mpdcon.app-1.1.99/libmpdclient.c:1268:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string, "swapid \"%i\" \"%i\"\n", id1, id2);

data/mpdcon.app-1.1.99/libmpdclient.c:1275:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string,"seek \"%i\" \"%i\"\n",song,time);

data/mpdcon.app-1.1.99/libmpdclient.c:1282:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string,"seekid \"%i\" \"%i\"\n",id,time);

data/mpdcon.app-1.1.99/libmpdclient.c:1302:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ret = atoi(jobid);

data/mpdcon.app-1.1.99/libmpdclient.c:1315:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string,"repeat \"%i\"\n",repeatMode);

data/mpdcon.app-1.1.99/libmpdclient.c:1322:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string,"random \"%i\"\n",randomMode);

data/mpdcon.app-1.1.99/libmpdclient.c:1329:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string,"setvol \"%i\"\n",volumeChange);

data/mpdcon.app-1.1.99/libmpdclient.c:1336:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string,"volume \"%i\"\n",volumeChange);

data/mpdcon.app-1.1.99/libmpdclient.c:1343:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string,"crossfade \"%i\"\n",seconds);

data/mpdcon.app-1.1.99/libmpdclient.c:1359:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,"already in command list mode");

data/mpdcon.app-1.1.99/libmpdclient.c:1369:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,"already in command list mode");

data/mpdcon.app-1.1.99/libmpdclient.c:1380:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(connection->errorStr,"not in command list mode");

data/mpdcon.app-1.1.99/libmpdclient.h:88:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errorStr[MPD_BUFFER_MAX_LENGTH+1];

data/mpdcon.app-1.1.99/libmpdclient.h:95:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[MPD_BUFFER_MAX_LENGTH+1];

data/mpdcon.app-1.1.99/libmpdclient.c:74:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i=0;i<strlen(arg);i++) {

data/mpdcon.app-1.1.99/libmpdclient.c:78:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = malloc(strlen(arg)+count+1);

data/mpdcon.app-1.1.99/libmpdclient.c:81:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i=0;i<strlen(arg)+1;i++) {

data/mpdcon.app-1.1.99/libmpdclient.c:132:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(connection->buffer,"");

data/mpdcon.app-1.1.99/libmpdclient.c:135:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(connection->errorStr,"");

data/mpdcon.app-1.1.99/libmpdclient.c:260:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  connection->buflen = strlen(connection->buffer);

data/mpdcon.app-1.1.99/libmpdclient.c:262:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strncmp(output,MPD_WELCOME_MESSAGE,strlen(MPD_WELCOME_MESSAGE))) {

data/mpdcon.app-1.1.99/libmpdclient.c:274:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char * tmp = &output[strlen(MPD_WELCOME_MESSAGE)];

data/mpdcon.app-1.1.99/libmpdclient.c:288:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  &output[strlen(MPD_WELCOME_MESSAGE)]);

data/mpdcon.app-1.1.99/libmpdclient.c:299:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  &output[strlen(MPD_WELCOME_MESSAGE)]);

data/mpdcon.app-1.1.99/libmpdclient.c:330:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int commandLen = strlen(command);

data/mpdcon.app-1.1.99/libmpdclient.c:484:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strncmp(output,"ACK",strlen("ACK"))==0) {

data/mpdcon.app-1.1.99/libmpdclient.c:964:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(re->value)) {

data/mpdcon.app-1.1.99/libmpdclient.c:1038:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char * string = malloc(strlen("playlistinfo")+25);

data/mpdcon.app-1.1.99/libmpdclient.c:1045:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char * string = malloc(strlen("playlistid")+25);

data/mpdcon.app-1.1.99/libmpdclient.c:1052:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char * string = malloc(strlen("plchanges")+25);

data/mpdcon.app-1.1.99/libmpdclient.c:1060:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char * string = malloc(strlen("listall")+strlen(sDir)+5);

data/mpdcon.app-1.1.99/libmpdclient.c:1060:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char * string = malloc(strlen("listall")+strlen(sDir)+5);

data/mpdcon.app-1.1.99/libmpdclient.c:1069:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char * string = malloc(strlen("listallinfo")+strlen(sDir)+5);

data/mpdcon.app-1.1.99/libmpdclient.c:1069:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char * string = malloc(strlen("listallinfo")+strlen(sDir)+5);

data/mpdcon.app-1.1.99/libmpdclient.c:1078:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char * string = malloc(strlen("lsinfo")+strlen(sDir)+5);

data/mpdcon.app-1.1.99/libmpdclient.c:1078:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char * string = malloc(strlen("lsinfo")+strlen(sDir)+5);

data/mpdcon.app-1.1.99/libmpdclient.c:1104:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  string = malloc(strlen("search")+strlen(sanitStr)+strlen(st)+6);

data/mpdcon.app-1.1.99/libmpdclient.c:1104:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  string = malloc(strlen("search")+strlen(sanitStr)+strlen(st)+6);

data/mpdcon.app-1.1.99/libmpdclient.c:1104:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  string = malloc(strlen("search")+strlen(sanitStr)+strlen(st)+6);

data/mpdcon.app-1.1.99/libmpdclient.c:1125:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  string = malloc(strlen("find")+strlen(sanitStr)+strlen(st)+6);

data/mpdcon.app-1.1.99/libmpdclient.c:1125:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
string = malloc(strlen("find")+strlen(sanitStr)+strlen(st)+6); data/mpdcon.app-1.1.99/libmpdclient.c:1125:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string = malloc(strlen("find")+strlen(sanitStr)+strlen(st)+6); data/mpdcon.app-1.1.99/libmpdclient.c:1146:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string = malloc(strlen("list")+strlen(sanitArg1)+strlen(st)+6); data/mpdcon.app-1.1.99/libmpdclient.c:1146:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string = malloc(strlen("list")+strlen(sanitArg1)+strlen(st)+6); data/mpdcon.app-1.1.99/libmpdclient.c:1146:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string = malloc(strlen("list")+strlen(sanitArg1)+strlen(st)+6); data/mpdcon.app-1.1.99/libmpdclient.c:1151:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string = malloc(strlen("list")+strlen(st)+3); data/mpdcon.app-1.1.99/libmpdclient.c:1151:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string = malloc(strlen("list")+strlen(st)+3); data/mpdcon.app-1.1.99/libmpdclient.c:1160:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char * string = malloc(strlen("add")+strlen(sFile)+5); data/mpdcon.app-1.1.99/libmpdclient.c:1160:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * string = malloc(strlen("add")+strlen(sFile)+5); data/mpdcon.app-1.1.99/libmpdclient.c:1168:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * string = malloc(strlen("delete")+25); data/mpdcon.app-1.1.99/libmpdclient.c:1175:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * string = malloc(strlen("deleteid")+25); data/mpdcon.app-1.1.99/libmpdclient.c:1183:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * string = malloc(strlen("save")+strlen(sName)+5); data/mpdcon.app-1.1.99/libmpdclient.c:1183:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * string = malloc(strlen("save")+strlen(sName)+5); data/mpdcon.app-1.1.99/libmpdclient.c:1192:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * string = malloc(strlen("load")+strlen(sName)+5); data/mpdcon.app-1.1.99/libmpdclient.c:1192:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char * string = malloc(strlen("load")+strlen(sName)+5); data/mpdcon.app-1.1.99/libmpdclient.c:1201:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * string = malloc(strlen("rm")+strlen(sName)+5); data/mpdcon.app-1.1.99/libmpdclient.c:1201:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * string = malloc(strlen("rm")+strlen(sName)+5); data/mpdcon.app-1.1.99/libmpdclient.c:1217:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * string = malloc(strlen("play")+25); data/mpdcon.app-1.1.99/libmpdclient.c:1224:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * string = malloc(strlen("playid")+25); data/mpdcon.app-1.1.99/libmpdclient.c:1235:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * string = malloc(strlen("pause")+25); data/mpdcon.app-1.1.99/libmpdclient.c:1246:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * string = malloc(strlen("move")+25); data/mpdcon.app-1.1.99/libmpdclient.c:1253:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char * string = malloc(strlen("moveid")+25); data/mpdcon.app-1.1.99/libmpdclient.c:1260:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * string = malloc(strlen("swap")+25); data/mpdcon.app-1.1.99/libmpdclient.c:1267:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * string = malloc(strlen("swapid")+25); data/mpdcon.app-1.1.99/libmpdclient.c:1274:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * string = malloc(strlen("seek")+25); data/mpdcon.app-1.1.99/libmpdclient.c:1281:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * string = malloc(strlen("seekid")+25); data/mpdcon.app-1.1.99/libmpdclient.c:1289:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * string = malloc(strlen("update")+strlen(sPath)+5); data/mpdcon.app-1.1.99/libmpdclient.c:1289:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * string = malloc(strlen("update")+strlen(sPath)+5); data/mpdcon.app-1.1.99/libmpdclient.c:1314:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char * string = malloc(strlen("repeat")+25); data/mpdcon.app-1.1.99/libmpdclient.c:1321:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * string = malloc(strlen("random")+25); data/mpdcon.app-1.1.99/libmpdclient.c:1328:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * string = malloc(strlen("setvol")+25); data/mpdcon.app-1.1.99/libmpdclient.c:1335:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * string = malloc(strlen("volume")+25); data/mpdcon.app-1.1.99/libmpdclient.c:1342:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * string = malloc(strlen("crossfade")+25); data/mpdcon.app-1.1.99/libmpdclient.c:1350:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * string = malloc(strlen("password")+strlen(sPass)+5); data/mpdcon.app-1.1.99/libmpdclient.c:1350:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char * string = malloc(strlen("password")+strlen(sPass)+5); ANALYSIS SUMMARY: Hits = 152 Lines analyzed = 2907 in approximately 0.09 seconds (31175 lines/second) Physical Source Lines of Code (SLOC) = 1819 Hits@level = [0] 14 [1] 61 [2] 75 [3] 1 [4] 15 [5] 0 Hits@level+ = [0+] 166 [1+] 152 [2+] 91 [3+] 16 [4+] 15 [5+] 0 Hits/KSLOC@level+ = [0+] 91.2589 [1+] 83.5624 [2+] 50.0275 [3+] 8.79604 [4+] 8.24629 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.